The Same Russians Who Hacked Clinton Are Targeting Biden

Microsoft says that the same group of cyber criminals from Russia that attempted to interfere in the 2016 US election is trying to break into email accounts belonging to staff members from across the political spectrum.

Other hackers from China and Iran are also attempting to spy on the presidential campaigns of Donald Trump and Joe Biden, according to Microsoft. 

The FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) recently warned that foreign groups and other malicious actors online are spreading disinformation around potential cyber attacks on US election infrastructure. “During the 2020 election season, foreign actors and cyber criminals are spreading false and inconsistent information through various online platforms in an attempt to manipulate public opinion, discredit the electoral process, and undermine confidence in US democratic institutions,” the agencies wrote.

Officials with the Department of Homeland Security and US intelligence have been saying for years that Russia and other nations will try to use hacking and disinformation to undermine the 2020 contest. This would be similar to the last presidential race, when they leaked reams of embarrassing information about Democratic nominee Hillary Clinton in an effort to help Donald Trump. Then the agencies warned that US voter information is widely available through avenues other than illegal hacking, and that access to voter information had not impacted election results.

Hackers targeted staff at Washington DC firm SKDKnickerbocker, a campaign strategy and communications firm working with Biden. Microsoft identified the suspected hacking group as the same set of spies blamed by the US government for breaking into the campaign of Democratic former presidential candidate Hillary Clinton and leaking the emails of her staff, two of the sources said.

The group, which many researchers refer to as “Fancy Bear,” is controlled by Russia’s military intelligence agency, according to reports from the US intelligence community released after the 2016 election. A person familiar with SKDK’s response to the attempts said the hackers failed to gain access to the firm’s networks. “They are well-defended, so there has been no breach,” the person said.

US intelligence agencies have raised alarms about possible efforts by foreign governments to interfere in the November presidential election.

Investigations by former special counsel Robert Mueller and the Senate intelligence committee both concluded that affiliates of the Russian government interfered in the 2016 presidential election to try to help Republican Donald Trump get elected. Mueller has warned that Russia was meddling in the current campaign. The Biden campaign said it was aware Microsoft said

One of the sources familiar with the incident told the Washington Post that it was not clear whether Biden’s campaign was the target or whether the hackers were attempting to gain access to information about other SKDK clients.

The attempts to infiltrate SKDK were recently flagged to the campaign firm by Microsoft, which identified hackers tied to the Russian government as the likely culprits, according to the three sources briefed on the matter. The attacks included phishing, a hacking method which seeks to trick users into disclosing passwords, as well as other efforts to infiltrate SKDK’s network, the three sources said.

Microsoft believes Fancy Bear is behind the attacks based on an analysis of the group’s hacking techniques and network infrastructure, one of the sources said.

The company, which has extraordinary visibility on digital threats via its widely used Windows operating system and cloud services, has taken an increasingly active role in calling out state-backed cyber espionage. In 2018, the company launched its Defending Democracy initiative, aimed in part at safeguarding campaigns from hackers.

It is thought that Iran tried to hack into Gmail accounts used by President Trump’s reelection campaign staff and that China has tried to hack staff for former vice president Joe Biden, the Democratic presidential candidate.

These nation state-backed hacking campaigns are likely to be just the beginning of a general election campaign that will be ripe for disruption by US adversaries. The kinds of disinformation campaigns being pushed heavily by bots take a variety of forms, including false information about voting logistics like date, place, or fake voting requirements.

Sources: Reuters, Washington Post, NPR, Sky, The Hill, TechRepublic
